Last week our content manager, Mindy Affrime, sent me an article about the risks associated with Medical IoT Devices. The article caught my attention because of the author. It was published by the Cyber Security Engineering Department at the University of San Diego. The article names four areas they believe “will be particularly vulnerable to cyber attack[s]” in 2017.
Medical IoT Devices was #2 on their list of most vulnerable to attack. Researches first warned about the risk of unsecured and undersecured IoT in Healthcare 5 years ago. What surprises me is how quickly smart medical devices have gone from relative obscurity to becoming a top security concern.
I agree with the University of San Diego’s assessment. Here’s why:
1. IoT Has Arrived in Healthcare
Healthcare IoT is one of the fastest growing IoT segments, according to IDC. 7.3-billion people live on the planet today and that means 7.3-billion patients; all of whom will need healthcare. IoT can help eliminate some basic inefficiencies in healthcare like data collection and sharing. As hospitals and clinics invest in smart medical devices IT Security professionals need to be ready with a strategy for managing the associated risk.
2. Hackers Will Target Medical IoT
Cybercriminals searching for personal information will continue targeting the least secure systems. And right now, Medical IoT Devices are among the least secure systems in healthcare. They are capable of collecting, transmitting, and sharing highly sensitive information. Hackers will target Medical IoT because that’s where the data is. I call this the “Slick Willie Effect.” (When a reporter asked Willie Sutton why he robbed banks he famously replied, “Because that’s where the money is.”)
3. Traditional Security Solutions Cannot Protect Medical IoT
Traditional security solutions rely too heavily on agents. They were designed to detect threats on a few known platforms like Windows, iOS and Android. IoT devices utilize a variety of purpose-built operating systems like BusyBox and Tizen that cannot run enterprise security software or agents. Consequently, they are simply invisible on the network. Securing Medical IoT Devices requires a new approach.
A Solution For Securing Medical IoT Devices
I believe organizations can safely deploy and secure smart medical devices. An effective IoT security strategy should include the following elements:
- Identify Every Connected Device
- Device Behavior Analytics
- Continuous Monitoring
- Enforce Device Specific Security Policies
Securolytics IoT Tracker allows hospitals and clinics to quickly secure Medical IoT Devices. IoT Tracker provides in-depth visibility and control through passive monitoring. No software, no agents.
Learn more about our products including IoT Tracker at securolytics.io/products.
Read the full article, 4 Cyber Security Threats for 2017, on the University of San Diego’s website.